Why are Russians excellent cybercriminals?

Last month, the US Office of the National Counterintelligence Executive identified two countries as most eagerly trying to steal American secrets through cyberspace. This month, the FBI’s ‘Operation Ghost Click,’ the investigation of a $14 million cybercrime case, led to six arrests and a hunt for a seventh. A few days later, it was revealed that hackers had taken over and sabotaged a water pumping facility in Illinois. Next month sees the trial of the so-called “king of spam,” charged with being responsible for perhaps 10 billion unwanted and often hoax email messages every day.

What do all these stories have in common? The US report identified Russia and China as the guilty parties; of the seven hackers involved in ‘Ghost Click,’ one is a Russian citizen, the other six ethnic Russian Estonians; the Illinois hack was traced to servers in Russia; and “king of spam” Oleg Nikolayenko comes from Vidnoye, just outside Moscow.

Why does every hacking and cyberscam story – real or fictional – seem to have a Russia connection?

In part, it is prejudice and laziness. The stereotype of the Russian hacker has become such a common media trope that it gets recycled again and again. It also offers a handy update for those looking for new ways to perpetuate the ‘Russian threat.’

But it is not as simple as that. According to industry analyses, Russia accounts for about 35 percent of global cybercrime revenue, or between $2.5 and $3.7 billion. That’s wildly out of proportion with the country’s share of the global information technology market (which is around 1 percent).

There is still a conspiracy angle for some. Russian hackers converged on Estonian government servers in 2007 during the dispute over a WWII memorial, then Georgian systems during the 2008 war. Given Russian intelligence’s evident interest in cyber-espionage, the claim is that the Kremlin either controls the hackers or, more plausibly, turns a blind eye so long as they step in to help when the government calls.

There may be some truth in this. The Federal Security Service runs a training center for hackers and antihackers at Voronezh. Besides, this is hardly unique to Russia. China’s so-called “red hackers” attack government critics and infiltrate foreign sites, for example. However, a more basic answer is that a disproportionate number of Russians have worldclass math and computers skills, yet not the kind of jobs to use them legitimately. Although many firms in the industry are based in Russia, or else hire Russians, there is a pool of skilled but under-employed programmers who embrace the hacker world for fun, out of disillusion, or for profit.

On the one hand, this criminal phenomenon is thus a paradoxical triumph for Russia and its human capital. And at present it poses a relatively lower risk to Russians themselves than foreigners. This might help explain why law enforcement cooperation with the West on cybercrime is lagging behind other areas. However, as Russians become more wealthy, more Internetconnected (Russians have become the largest community of users in Europe, reaching 50.8 million in September), they will become more vulnerable themselves. Then will be a little late suddenly to wake up to the advantages of international cyberpolicing.

Besides, if the Skolkovo initiative is really going to transform Russia’s high-tech industries, shouldn’t it be a priority to harness the hackers’ initiative and ingenuity?

Mark Galeotti is Clinical Professor of Global Affairs at New York University’s SCPS Center for Global Affairs. His blog, “In Moscow’s Shadows,” can be read at: http:// inmoscowsshadows.wordpress.com The views expressed in this article are the author’s own, and not necessarily those of The Moscow News.